Sign In

Communications of the ACM

Letters to the editor

Common Ails

View as: Print Mobile App ACM Digital Library Full Text (PDF) In the Digital Edition Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Letters to the Editor, illustration

Credit: Getty Images

I read with interest Michael A. Cusumano's October 2021 column, "Section 230 and a Tragedy of the Commons." As the author of a book about Section 230's history (The Twenty-Six Words That Created the Internet, Cornell University Press, 2019), I welcome discussion of this important statute. Unfortunately, Cusumano's column contains some fundamental factual errors that further muddle a debate that already has been rife with inaccuracies.

Perhaps most concerning was Cusumano's characterization of a "specific dilemma" that social media platforms face: "If they edit too much content, then they become more akin to publishers rather than neutral platforms and that may invite strong legal challenges to their Section 230 protections." This statement is false. Section 230 does not have—and never has had—a requirement for platforms to be "neutral." To the contrary, Section 230's authors were motivated by a 1995 state court ruling that suggested that online services receive less protection from liability for user content under the common law if they exercise "editorial control." As Sen. Ron Wyden, Section 230's co-author, told Vox in 2019: "Section 230 is not about neutrality. Period. Full stop. 230 is all about letting private companies make their own decisions to leave up some content and take other content down." Congress provided platforms with Section 230 protections to give them the breathing room to develop moderation technology, policies, and practices that they believe their users' demand. As the first federal appellate court to interpret Section 230 wrote in 1997, under the statute, "lawsuits seeking to hold a service provider liable for its exercise of a publisher's traditional editorial functions—such as deciding whether to publish, withdraw, postpone or alter content—are barred."

Cusumano writes that Section 230 "makes it difficult to hold these companies accountable for misinformation or disinformation they pass on as digital intermediaries." Yet Cusumano does not identify any specific types of legal claims related to misinformation that Section 230 bars. That is because the U.S. does not have a general "anti-misinformation law," nor could it due to our strong First Amendment protections. To be sure, the First Amendment permits certain causes of action related to false speech, such as defamation and false advertising, but the courts have set a high bar for these claims. For good reason, the Supreme Court has ruled that Congress cannot impose a blanket prohibition on all false speech. In recent years, some authoritarian countries have enacted anti-misinformation laws, allowing the government to determine what is permissible and what is "fake news." The U.S. would never be able to have such a law unless the courts were to radically reinterpret the First Amendment.

Cusumano argues that "the U.S. Justice Department or the U.S. Congress must amend Section 230 to reduce the blanket protections offered online platforms." Fortunately, neither the Justice Department nor any other component of the executive branch has the unilateral authority to amend a statute. Of course, Congress can amend Section 230, and in the past few years, we have seen dozens of proposals to do so. The debate about these proposals is vital to the future of the Internet. But it must occur with an accurate understanding of what Section 230 says and does.

Jeff Kosseff, Annapolis, MD, USA

With regard to Michael Cusumano's column the October issue of Communications, it is worth noting that legally the first definition given for "publish" is: "to make known to another or to the public generally" (see Section 230 created a legal fig leaf for the benefit of the then-embryonic social media platforms, which allowed them, for better or worse, to become what they are today. Now, though, there is no reason to ignore the plain meaning of the legal term: social media companies make content known to the public generally. They are, by the legal definition, publishers. There is no reason to allow them to evade responsibility for curating the content they publish, and very strong reason to insist, legally, that they do so. We have laws, albeit imperfect, to control damaging pollution in general and hazardous chemicals in particular. Lies about vaccines, or the integrity of the 2020 Presidential Election, are the exact equivalent in the information sphere and should be treated as such, by appropriate alterations to Section 230.

H. Joel Jeffrey, DeKalb, IL

Back to Top

Author's response:

I appreciate all the comments about my October 2021 Technology Strategy and Management column, both negative and positive. One observation is that lawyers, as well as managers, academics, and politicians, seem to disagree over how to interpret the legislation drafted 25 years ago. My main takeaway from reader comments is that the focus on Section 230 may be a distraction. My column is primarily about the damage already done as a result of widespread misinformation and disinformation on the Internet. And so I also argue that social media platforms need to do more to regulate the content they disseminate. This might very well mean that social media platforms not only need to start behaving more like traditional publishers but that we need to view them as such. Meanwhile, I argue that the Internet as a dependable platform for information exchange has been damaged. There is a moral hazard here if there are no consequences for the dissemination—the publication—of dangerous falsehoods and outright lies. In this sense, I believe we are facing a potential tragedy if we view the community of Internet users as a common resource.

Both right-wing and left-wing critics of social media blame at lot of these problems on Section 230, whether or not they should. I noted that ex-President Trump and others have criticized Section 230 based on the argument that social media platforms are already behaving as publishers because they censored so much content and so they should not be afforded any Section 230 protections. U.S. presidential candidate Biden also wanted to revoke Section 230 in order to hold the social media platforms responsible for the content they disseminate. When both sides of a polarized political spectrum agree that Section 230 is problematic, then clearly we have something to fix.

In the column, I noted that Section 230 allows platforms to set their own "terms of service" and therefore to edit or curate content that, in their view, violates those terms of service. So yes, I understand that platforms are not required by law to be neutral. In practice, though, the social media companies have behaved as if they are not responsible for the content they disseminate and they have been reluctant to edit. Only at the last moments in the recent U.S. presidential campaign did we see the main social media platforms start to ban accounts and tag content as unreliable. Why so late? In part, it seems they do not want to become embroiled in legal challenges and they are being cautious in what they censor. More importantly, perhaps, spectacular content often goes viral and generates huge advertising profits. By contrast, it is possible to hold traditional publishers accountable for the content they publish. Should we hold social media platforms accountable as well and, if so, how, given the First Amendment and other laws? Section 230, like it or not, is at the center of these debates. The Department of Justice a year ago started drafting proposed revisions of Section 230 (see The Biden administration has been reviewing Section 230 as well and reversed a Trump executive order that empowered the Dept. of Commerce and the FCC to investigate "selective censorship" and requested the DOJ to draft legislation curtailing Section 230 protections. At the very least, the Biden administration seems intent on clarifying what the law actually says (see Of course, whether Section 230 is revoked, revised, or left alone is ultimately a decision for Congress, not the Executive Branch. But the real issues are rising mistrust in Internet content and the need for the social media platforms to take more responsibility for the misinformation and disinformation they disseminate and amplify.

Michael Cusumano, Cambridge, MA, USA

Back to Top

Editor-in-Chief's response:

Great to see a thoughtful and hearty debate on these issues. As computing has become a critical intermediary for discourse and really all of society, these issues are essential to the society we are becoming and hope to become! ACM should be at the heart of this debate.

Andrew A. Chien, Chicago, IL, USA

Back to Top

Putting the "I" in Phones

Many tinkerers, including myself, have started to independently and creatively explore the space of self-built smartphones [see "Whose Smartphone Is It?" by James Larus, Sept. 2021, p. 41—Ed.]. In my case, a Raspberry Pi, a matching 4-inch touchscreen display, a USB power bank, a USB headset, a Wi-Fi connection, and an account with a VoIP provider have allowed me to make phone calls and run interesting apps on a variety of Linux-based operating systems.

If you are a reader of this publication, you likely have the ability to do the same, changing the details of the system to suit your own needs and desires. For example, cellular connectivity can come from a cellular board or a USB dongle or a hotspot. Changing screens can turn a phone into a tablet, adding a keyboard can turn it into a laptop or a desktop. There is an astounding variety of hardware boards, operating systems, browsers, apps, and VoIP providers to choose from. Many apps not directly available for your OS, including WhatsApp, are available through a Web browser.

Building your own smartphone takes some time and energy, but less money than required to buy a mainstream smartphone. The more people build and use their own smartphone, the easier it will get—there will be more and better designs and hardware and software available. VoIP providers will improve their support for features such as MMS and for making voice calls through open source (rather than proprietary) SIP software.

Let's encourage everyone to build a smartphone that can be truly theirs.

E. Biagioni, Manoa, HI, USA

Back to Top

Author's response:

Good luck and have fun! It will be challenging to build a mobile device competitive with the highly engineered systems currently available. I would encourage readers also to support governments in their efforts to open these closed systems to permit honest and fair competition.

James Larus, Lausanne, Switzerland

Back to Top

Editor-in-Chief's response:

The extreme complexity and integration of modern smartphones is major challenge. Perhaps recent advances on the "right to repair" and accelerating initiatives in open source hardware will enable progress in creating modular if not ultimately "open source" smartphones.

Andrew A. Chien, Chicago, IL, USA

Back to Top

Lipstick on a Pig?

The article on the Frama-C Platform ("The Dogged Pursuit of Bug-Free C Programs: The Frama-C Software Analysis Platform," June 2021—Ed.) was interesting. While impressive work, it begs the question, why? The authors note that C is a difficult language. C has many flaws, traps, and problems. Dennis Ritchie admitted to C being quirky and flawed. C burdens programmers focusing on machine details. C is a system language, but even for system programming C exposes details that are tedious, error-prone and dangerous. John McCarthy noted the value of checking in his 1963 paper 'A Basis for A Mathematical Theory of Computation.' Checks should be integrated in languages. C has had external tools like lint. Frama-C is another addition. The Frama-C work is based on Design by Contract (DbC) by Bertrand Meyer, based on Hoare logic. Frama-C ASCL syntax looks like the lipstick of DbC stuck on a pig. While C was designed by Dennis Ritchie and Ken Thompson, C is mostly BCPL—credit should go to Strachey and Richards. C invented very little (#define is from Burroughs ALGOL—a suggestion of Don Knuth). The article also says C gives developers freedom, but in C, it is misguided freedom. 'Freedom' is spin for burden that C does not remove from programming. Easing programming is one of the major reasons for programming languages. C creates lock in—the opposite of freedom. C results in inflexible software, which is technical lock in. C culture creates mental lock in—technical criticism of C results in overheated rejection.

The article notes that formal methods can be used to address the shortcomings of C but implementing in C is difficult. Undefined behavior in C results in crashes, memory corruption, or arbitrary results. Intentional memory corruption compromises system security. This is not acceptable in modern systems. Programmers should not be able to mess with memory and addresses to undermine the execution model. Such freedom is the tool of malicious hackers. Security is the utmost problem today. Programmers should not have freedom to harm users. C culture says 'trust the programmer'—not just stupid, but criminally negligent. High-level programming deals with problem-oriented data, contents, and semantics, rather than machine-oriented memory of the container locations or access paths. C focuses on the container rather than contents. Hackers will ignore techniques for correctness and security. Computing needs fundamental fixing, not patching flawed legacy.

The article also says C is widely taught and that with Frama-C, good practices can be taught. C and C++ teach many wrong lessons—diverting students from good practices that are integrated in better languages. Learning C is about dealing with flaws and traps. Institutions should stop teaching C and C++ as foundational languages. Retrofitting DbC onto C is like adding drop-down oxygen masks to a 1920s biplane. Students should be taught languages with direct, clear, and clean support for DbC, not something hacked on to old and flawed languages as lipstick on a pig.

Ian Joyner, Sydney, Australia

Back to Top

Hypercriticality, Hypocriticality, and Hyperempathy

The phenomenon of harsh reviewing, sometimes called hypercriticality, has already been discussed in the Communications' community. I would like to address what is at stake. If unfair, or worse malevolent, criticism should be absolutely banished, we should keep in mind that hypercriticality is part of the scientific ethos, at least if the prefix hyper is understood with respect to more mundane matters. Moreover, in the age of publish or perish we need gatekeepers to avoid conferences, journals, and grant funding schemes to be flooded with questionable writings. Given that reviewers are put under pressure and loaded with many reviewing tasks with tight deadlines, the "three positives for every negative" rule of thumb is unrealistic.

Denouncing hypercriticality often takes implicitly the authors' side. What about the readers' side? The well-meaning will to avoid hypercriticality may become a refuge for hypocriticality. Instead, reviewing should be an exercise in hyperempathy with potential readers as we shall explain. Complacency with authors would be a disservice to readers, since, in accordance with the principle of communicating vessels, the less work for an author, the more work for their readers. The burden should be on authors. As a reviewer, you should make the following maxim yours: Many things that ease the life of an author are as many pebbles for readers to stumble over. Reviewing is a precarious balance, since the interests of the author and of the readers are almost always divergent, at least when these interests are superficially understood. If the reviewer must choose, they should side with readers, the silent majority. One should never disregard this silent majority, the final destination of every writing. In the academic world, the author is this ordinary hero who stands against all, with the opportunity of shining, hence they should never forget the responsibility that comes with such a lofty position. Authors should not overlook the dangers of their ego being bruised, nor overdramatize the consequences.

A final plea. Reviewers, please write reviews as if you were an authentic, self-motivated, and innocent reader. Every review should be an exercise in hyperempathy with readers, who are, after all, on the receiving end in case of publication. Don't be afraid that your hyperempathy with readers comes across as an hypercriticality against authors. What comes across as hypercriticality from the author's perspective can simply originate from an hyperempathy siding with the best interests of future readers. A lack of empathy with readers often drapes itself in the sheep's clothing of hypocriticality. Be critical but be fair. Be fair but be critical. Authors, please do not forget that writing should be an act of hyperempathy in the first place and that your reviewers are your first readers.

Anthony Bordg, Cambridge, U.K.

Back to Top

Verifying Verification

I would like to add some additional reality to Moshe Vardi's "Program Verification: Vision and Reality" (July, 2021). The cyber-physical systems, for example, the Boeing 737 Max-8, we are building today interact with the physical world, which includes humans who may participate in the systems' operation. By "verification," Vardi means formal verification of formal properties of formal mathematical objects. When the program to be verified, for example, a compiler, a word processor, a theorem prover, has no interaction with the physical world, the theorems to be proved are formal mathematical objects.

However, for cyber-physical systems, the theorems to be proved not formal mathematical objects. The theorems are, at their core, mathematical models of the physical world. Our experience with the sciences, from physics through psychology, says these models are never correct, but are just approximately correct. A cyber-physical system relying on the correctness of a verified one of these models cannot be relied on not to fail. In general, verified mathematical correctness for a cyber-physical system is not even meaningful. Verification in Vardi's sense would have done nothing for the Boeing 737 Max-8, because of the human failings and its incorrect assumptions about flying.

Albert Einstein said many years ago "As far as the propositions of mathematics refer to reality, they are not certain; and as far as they are certain, they do not refer to reality." (Albert Einstein; Geometry and Experience; an address on 27 January 1921 at the Prussian Academy of Sciences in Berlin, translated to English, Methuen, London, 1922).

Daniel M. Berry, Waterloo, ON, Canada

Back to Top

Author's response:

To a certain extent I do agree with Berry. As I wrote in the column: "In retrospect, the hope for 'mathematical certainty' was idealized, and not fully realistic, I believe." Yet, I do not agree that verification of cyber-physical systems is meaningless. I encourage Berry to read "Formally verified software in the real world," in the September 2018 of Communications.

Moshe Y. Vardi, Houston, TX, USA

Back to Top


Communications welcomes your opinion. To submit a Letter to the Editor, please limit your comments to 500 words or less, and send to

©2021 ACM  0001-0782/21/12

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to publish from or fax (212) 869-0481.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2021 ACM, Inc.


No entries found